Hello

I have an IdentityServer3 in federation with an external IdP. Our IdentityServer uses IdentityServer3.EntityFramework to get users from the database.

Now, if a new user logs in via the external IdP, a new user table entry is created in the database, together with a new entry in UserLogins. Also, all the claims from the external IdP are persisted in the user claims table. Later, solely the stored claims are used to construct the token, not the claims from the current external IdP login.

But claims from the external IdP will change, so they should not get persisted. And our policy does not allow external claims to be put, even encrypted, into any database. Nevertheless, all the external IdP claims and the previously persisted claims (i.e. via IdentityAdmin) should still be put into the tokens.

Can you hint me towards how to not store claims from external IdPs in the DB?

PS: adding features to refresh and update external IdP data like the following is not allowed:

App_Packages\IdentityServer3.AspNetIdentity\IdentityServer3.AspNetIdentity.cs

// Generic type arguments were stripped from the posted snippet; IEnumerable<Claim> is restored here,
// the return type's argument and the rest of the method body were cut off in the post and are left as posted.
protected virtual async Task ProcessExistingExternalAccountAsync(TKey userID, string provider, string providerId, IEnumerable<Claim> claims)
{
    claims = await SetAccountEmailAsync(userID, claims);
    claims = await SetAccountPhoneAsync(userID, claims);

So change your implementation of AuthenticateExternal to do what you want. The implementation provided from the ASP.NET Identity sample is just a starting point.
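One way to do what the answer suggests, as an added example that is not code from this thread or from the IdentityServer3.AspNetIdentity project: a user service that overrides AuthenticateExternalAsync so that the external IdP's claims are returned in the AuthenticateResult (they then live only in the IdentityServer authentication cookie, never in the user claims table) and overrides GetProfileDataAsync so that tokens are built from the stored, IdentityAdmin-managed claims merged with the claims currently carried in the cookie. The class names ApplicationUser and NonPersistingExternalUserService, the string-keyed user, the way a new account gets its UserName, and the protected `userManager` field on AspNetIdentityUserService are assumptions of this example, not something the thread states.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer3.AspNetIdentity;
using IdentityServer3.Core;
using IdentityServer3.Core.Models;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;

// Assumed application user type: ASP.NET Identity user with a string key.
public class ApplicationUser : IdentityUser { }

// Assumed name; replaces the sample AspNetIdentityUserService registration in the IdentityServer factory.
public class NonPersistingExternalUserService : AspNetIdentityUserService<ApplicationUser, string>
{
    // Claim types IdentityServer3 sets itself on the cookie principal; an external IdP must not override them.
    static readonly HashSet<string> Reserved = new HashSet<string>
    {
        Constants.ClaimTypes.Subject,
        Constants.ClaimTypes.IdentityProvider,
        Constants.ClaimTypes.AuthenticationMethod,
        Constants.ClaimTypes.AuthenticationTime,
    };

    public NonPersistingExternalUserService(UserManager<ApplicationUser, string> userManager)
        : base(userManager) { }

    // Does not call the base ProcessNewExternalAccountAsync / ProcessExistingExternalAccountAsync paths,
    // so nothing from the external identity is written to the user claims table.
    public override async Task AuthenticateExternalAsync(ExternalAuthenticationContext ctx)
    {
        var ext = ctx.ExternalIdentity;
        if (ext == null) throw new ArgumentNullException("ExternalIdentity");

        var login = new UserLoginInfo(ext.Provider, ext.ProviderId);
        var user = await userManager.FindAsync(login);          // assumed protected field from the base class
        if (user == null)
        {
            // First login from this provider: create the account row and the UserLogins row only.
            user = new ApplicationUser { UserName = Guid.NewGuid().ToString("N") };
            var created = await userManager.CreateAsync(user);
            if (!created.Succeeded)
            {
                ctx.AuthenticateResult = new AuthenticateResult(created.Errors.First());
                return;
            }
            var linked = await userManager.AddLoginAsync(user.Id, login);
            if (!linked.Succeeded)
            {
                ctx.AuthenticateResult = new AuthenticateResult(linked.Errors.First());
                return;
            }
        }

        // External claims are handed to IdentityServer for the authentication cookie only.
        var transientClaims = ext.Claims.Where(c => !Reserved.Contains(c.Type)).ToList();
        var nameClaim = transientClaims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.Name);
        var displayName = nameClaim != null ? nameClaim.Value : user.UserName;

        ctx.AuthenticateResult = new AuthenticateResult(user.Id, displayName, transientClaims,
                                                        identityProvider: ext.Provider);
    }

    // Token claims = claims stored in the DB (e.g. set via IdentityAdmin) + claims from the current login's cookie.
    public override async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var subject = context.Subject.FindFirst(Constants.ClaimTypes.Subject);
        if (subject == null) throw new ArgumentException("Subject claim missing from principal");

        IEnumerable<Claim> stored = await userManager.GetClaimsAsync(subject.Value); // string key == sub
        IEnumerable<Claim> fromCookie = context.Subject.Claims.Where(c => !Reserved.Contains(c.Type));

        var merged = stored.Concat(fromCookie)
                           .GroupBy(c => new { c.Type, c.Value })   // drop exact duplicates
                           .Select(g => g.First());

        if (!context.AllClaimsRequested && context.RequestedClaimTypes != null)
        {
            var requested = new HashSet<string>(context.RequestedClaimTypes);
            merged = merged.Where(c => requested.Contains(c.Type));
        }

        context.IssuedClaims = merged.ToList();
    }
}
```

Two things to check before relying on this. First, the claims now ride in the authentication cookie that goes to the browser, so keep the set small and do not pass through sensitive external claims the tokens do not need. Second, IdentityServer3's operational store (authorization codes and refresh tokens in IdentityServer3.EntityFramework) serializes the subject principal, including its claims, so if you hand out refresh tokens the external claims can still land in a database that way; verify against your own operational store configuration whether that conflicts with the policy described above.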